--- Comment #23 from Yann Ylavic <> ---
I could verify my assertions with a configuration like this:

Listen 8443
<VirtualHost *:8443>
    ServerName localhost:8443

    SSLEngine on
    SSLProtocol -all +TLSv1.2

Listen 8880
<VirtualHost *:8880>
    ServerName localhost:8880

    <Location "/">
        SSLOptions StdEnvVars

    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerName off
    SSLProxyProtocol TLSv1
    <Proxy "https://localhost:8443";>
        SSLProxyProtocol TLSv1.2
    ProxyPass / https://localhost:8443/

Now I test a request on http://localhost:8080/, which should be forwarded to
https://localhost:8443/ using TLSv1.2.

With no patch (vanilla 2.4.33), I get the "SSL Library Error:
error:140BA0C3:SSL routines:SSL_new:null ssl ctx" because of the <Location>
section. This issue is resolved by both Rainer's and my patch.

With Rainer's patch, the forwarding happens using TLSv1.0 (which fails).
With my patch it works as expected (using TLSv1.2). 

So I don't think it makes a difference to use either patch for your current
production case, but for next 2.4 we probably will go with my patch.

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to